Changing client permissions during run time

Hello,
I would like to know if there is a way I can enable/disable (using a button) permissions of my clients, during run time.
In other words, I would like to press a button and let my client read/write a tag, or press it again so that his permission changes to read only mode. Everything live. Thanks!

Not that I know of. This would also (most likely) break the security model. If this were possible, a client could send the code to change its security level at will (you can never trust client code).

You’ll have to add in scripting for this specific case, and check if either the role or the other conditions match before writing the tag. (I guess slightly breaking the security model for this one tag isn’t that bad. Certainly not as bad as invalidating the security model of your complete Ignition installation).

3 Likes

As @Sanderd17 pointed out, not in the existing security model. But there’s no reason your application can’t check another condition before writing to a tag. Put the extra condition in a boolean memory tag and have your client code check that before any write.

1 Like

Thanks for the responses! @Sanderd17 @pturmel
There is something else, maybe you can help me too. I have 27 computers that will be used as clients. Can all of them use the same client account, and in some way I choose which one of the computers will have access to write a tag? I mean, I want to allow the read/write mode to a tag one computer by one, one at a time, while the others just wait their turns. Do you have some clue if that is possible? If it is, how?

Sure. Instead of using a simple boolean memory tag for write permission, use a string memory tag (not a client tag) to hold the clientID of the one client that will have write access. Have the client code check that its own ID matches the memory tag before writing. Have the supervisor code clear the memory tag to disable all relevant writes. Have the supervisory code use system.util.getSessionInfo() to select which client to allow.

1 Like

Yes, you can use the client tags. Every client has a separate set of client tags. Even if you open multiple clients on one computer, the tags aren’t shared.

So they’re ideal to keep a local configuration.

When or how you set the client tag depends on you. You could, e.g., send a message to a certain hostname from the server.

1 Like

Could you please help me with the script, or at least to start it? Thanks in advance!

You’ll have to describe your case in a bit more detail then.

Who decides who can write the tag? Is it someone on another client, or something scripted based on a tag, database status or whatnot?

Can different operators get access to write that tag at the same time? Or is it always one-by-one?

Do they lose the right to write the tag after they’ve written to it once?

Is there only one such protected tag, or do you have to set up a structure so you can reuse it over different tags?

What UI element would you like to use to set the tag (is it boolean, multiple choice, …)?

  1. The admin. The project I’m working for is for a class. There will be 1 teacher (admin) controlling which student can write the tag, and 27 students (clients).

  2. No, there is no need for different operators to get access to write the tag at the same time. Always one-by-one.

  3. No, they can write it until the teacher (admin) decides who is the next client that can write.

  4. I have to reuse it over different tags, maybe 3 or more.

  5. It can be whatever UI element that makes the program cleaner, or maybe the easiest.

Hope I answered all of your questions. Thanks a lot!! Hope you can help me!

Ok, having only one computer write at a time makes it quite easy.

  1. Create a memory tag (like pturmel suggested) to store the hostname of the computer that is allowed to write
  2. On your UI element, bind the “enabled” setting to that, comparing the hostname from the [System]Client/Network/Hostname tag with the hostname you set on that memory tag. This is easy with an expression binding like this: {[System]Client/Network/Hostname} = {my/tag/tree/hostname}. Keep the regular bidirectional binding for the rest.
  3. Create a GUI for the admin (like a dropdown) where he can choose between the available hostnames (or an empty string in case nobody is allowed to write).

1 Like
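
The three steps above, together with the earlier advice to check the condition before any write, sketched as an added example that is not part of the original posts. It is plain Python with a dict standing in for tag reads and writes; the protected tag names and hostnames are constructed, and only the memory tag path comes from the thread.

```python
ALLOWED_HOST_TAG = "my/tag/tree/hostname"  # memory tag path used in the thread
PROTECTED_TAGS = {"Class/Valve", "Class/Pump", "Class/Setpoint"}  # hypothetical


def normalize(hostname):
    """Hostnames compare case-insensitively; None/blank becomes ''."""
    return (hostname or "").strip().lower()


def select_writer(tags, hostname, known_hosts):
    """Teacher-side action: pick one host, or '' so that nobody may write."""
    host = normalize(hostname)
    if host and host not in {normalize(h) for h in known_hosts}:
        raise ValueError("unknown hostname: %r" % hostname)
    tags[ALLOWED_HOST_TAG] = host
    return host


def may_write(tags, client_hostname):
    """Same comparison as the 'enabled' binding, except blank never matches."""
    allowed = normalize(tags.get(ALLOWED_HOST_TAG))
    return bool(allowed) and allowed == normalize(client_hostname)


def guarded_write(tags, client_hostname, path, value):
    """Re-check the condition at write time instead of relying on the UI state."""
    if path not in PROTECTED_TAGS:
        raise KeyError("not a protected tag: %s" % path)
    if not may_write(tags, client_hostname):
        return False
    tags[path] = value
    return True


def demo():
    tags = {ALLOWED_HOST_TAG: "", "Class/Valve": 0}  # constructed sample state
    hosts = ["LAB-PC-01", "LAB-PC-02"]               # constructed hostnames
    results = [guarded_write(tags, "LAB-PC-01", "Class/Valve", 1)]      # nobody selected
    select_writer(tags, "lab-pc-01", hosts)
    results.append(guarded_write(tags, "LAB-PC-01", "Class/Valve", 1))  # selected host
    results.append(guarded_write(tags, "LAB-PC-02", "Class/Valve", 5))  # waiting host
    select_writer(tags, "", hosts)                                      # teacher clears
    results.append(guarded_write(tags, "LAB-PC-01", "Class/Valve", 9))
    return results, tags["Class/Valve"]


if __name__ == "__main__":
    print(demo())
```

One memory tag covers all protected tags, so reusing the gate over three or more tags only means adding their paths to the set.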

Ok, @Sanderd17! I’m gonna try to implement that on Monday, and then I’ll come back here if I have any more questions, which I probably will. Thanks a lot once again!!!

@Sanderd17 I’m having some trouble in the second step.
Step 1:


Is this correct?

But now in step 2 I’m kind of lost. I didn’t find a scripting place on the tag editor, so I opened Tools → Playground Script and placed the expression like you said. I tried with a “substring” in the beginning of the expression too, but none of them seem to work. It says “no viable alternative at input ‘Client’”.

Please help. I’m sorry, I’m new at this so everything gets a bit harder to do.

Maybe it would be a good idea to read through the documentation and follow the tutorials. But anyway …

On a component, you can bind the “enabled” property by clicking on that linking icon on the right side.

On that popup, choose the expression binding, and browse for the tags you want (you want to compare the client hostname to that tag you defined in step 1).

Expression bindings have their own syntax, and are different from scripting.

1 Like

Ok now? :smiley:
I read through some documentation but I couldn’t find anything that would help me, that’s why I came here to ask, you’re helping a lot.

So now I have to create 27 different memory tags (for the 27 clients) and add all of them to the expression binding? The expression binding should be with 27 different lines of comparisons? Is that right?

No, you should have one tag holding the hostname that is allowed to write.

Then the teacher/administrator can set that tag (probably via a separate interface), and the comparison will make sure that only the selected hostname can write to the tag.

1 Like

Thanks for all your help @Sanderd17, I made it work without the need of a separate interface! Thanks a lot!!!